North Korean hackers pose as job seekers and recruiters, the Telekopye Telegram bot enables large-scale phishing scams, and DPRK-aligned threat actors target macOS in two campaigns.

During a recent penetration test on a customer application, I noticed weird interactions between the web front-end and back-end. This would eventually turn out to be a vulnerability called HTTP request smuggling, enabled by the fact that the front-end was configured to downgrade HTTP/2 requests to HTTP/1.1. With the help from my colleague Thomas Stacey, we were able to construct an exploit chain with response queue desynchronization along with traditional HTTP/1.1 request smuggling techniques.

As software becomes increasingly integral to our professional and personal lives, the need to protect information and systems from malicious attacks grows proportionately. One of the critical threats that Python developers must grapple with is the risk of code injection, a sophisticated and often devastating form of cyberattack.

On November 23, 2023, Arcserve released Arcserve Unified Data Protection (UDP) 9.2 to address three vulnerabilities, including a critical-severity remote code execution (RCE) vulnerability. Subsequently on November 27, 2023, Tenable published public Proof of Concepts (PoCs) for these vulnerabilities, as they were the ones who initially disclosed these vulnerabilities to Arcserve back in August 2023.

In today's interconnected world, where technology and data are at the forefront of modern society, the protection of critical national infrastructure has become more crucial than ever. The convergence of cyber threats and advancements in artificial intelligence (AI) has created a complex landscape, making it imperative for organisations to develop strategies that enhance their ability to withstand and recover from digital challenges.

In the ever-evolving landscape of cybersecurity threats, one name that consistently surfaces as a force to be reckoned with is "PlugX." This covert and insidious malware has left a trail of digital intrigue, combining advanced features with a knack for eluding detection. Its history is interwoven with cyber espionage, targeted attacks, and a continuous cat-and-mouse game with security experts (1)(2).

An important piece of cybersecurity, SOAR solutions provide a single location for you to observe, understand, and decide how to respond to security incidents. Short for security orchestration, automation and response, true SOAR solutions are operational tools that can be very flexible and powerful, useful even beyond security use cases. In this article, we’ll explore what SOAR is, why it’s important for enterprises and how you can get the most value from your SOAR solution.

In the ever-evolving landscape of cybersecurity, the battle against ransomware has taken a concerning turn. According to the latest findings from Secureworks annual State of the Threat Report, the deployment of ransomware is now occurring within just one day of initial access in more than half of all engagements.

The ransomware attack on ICBC Financial Services caused disruption of trading of U.S. Treasuries and marked a new level of breach that could have massive repercussions. When we saw the attack on the Colonial Pipeline back in 2021, the impact was felt throughout the Southeast United States. Any attack on key businesses that keeps an economy running will have some form of impact should the attack be successful.

A phishing campaign is impersonating Disney+ with phony invoices, according to researchers at Abnormal Security. The phishing emails targeted individuals at 22 organizations in September. “The first step in this multi-stage attack is a seemingly auto-generated notification email informing the target of a pending charge for their new Disney+ subscription,” the researchers explain.